Even In Hong Kong, Police Can Strong-arm ISPs Into Handing Over Your User Info

Google previously disclosed that it received nearly 450 requests from the Hong Kong government to hand over user data in 2012, an increase of 38% from the year prior. Recently, the Commerce and Economic Development, in a written reply to the Legislative Council, revealed for the first time that the government made more than 14,000 requests to Internet service providers (ISPs) for disclosure of their users’ information over the past three years.

According to government information, the Hong Kong Police Force made the most requests, asking for user data 12,501 times. Most cases require the ISPs to disclose the user name, identity card number and other personal information for reasons such as prevention and detection of crime. While there’s no information on how often ISPs acceded, one’s thing for sure – none of the requests were made under a court order (see here and here).

Even though it’s agreed that government departments may from time to time need user data for law enforcement purposes, the fact that they can bypass the court is disturbing. Currently, there’s no mechanism to regulate requests made by the government to various ISPs for disclosure or removal of user information. And an Internet user would never know that his or her online data is in the government’s hand — that is, until the until the police knock on the door.